AT&T Consulting offers an advisory service to assist with the
development of comprehensive and informative security strategies that are
effective and manageable, seeking maximum return on your security investments.
Our consultants will develop a comprehensive information security framework
that addresses your organization’s requirements for information protection,
incident prevention, and detection and response, consistent with industry best
practices. Our consultants will establish a plan that addresses risk monitoring
and mitigation requirements, as well as emerging technologies such as mobile
and cloud computing. A customized roadmap will be developed with detailed
project plans, identified owners, timelines and resource allocation for the
effective implementation of the security strategies.

AT&T Consulting is a Payment Card Industry (PCI) Qualified Security
Assessor (QSA), a Payment Application Qualified Security Assessor (PA-QSA), and
a Qualified Incident Response Assessor (QIRA). We work closely with you to gain
a strong understanding of your business model and the critical supporting
components and systems. This allows us to not only perform assessments, but
also to provide strong strategic and tactical advice in the event that a PCI
objective or control is not met or you experience a data breach. This offer
includes program management, PCI health checks, readiness assessment, incident
response and forensics, trusted advisor subject matter expert guidance and
annual PCI compliance assessments.

When networks grow organically, or by merger and acquisition, they often end
up performing sub-optimally. The same is true for security devices, for
example, firewalls with thousands of rules. There may also be various programs
and requirements that drive architecture changes such as the push towards
de-perimeterization and network segmentation. Our skilled and certified
security consultants have considerable experience in the areas of network
consolidation and the analysis of data and packet flow. AT&T Consulting
knows how to segment networks and then tune the security devices to improve
performance and minimize impact. We have experience with data leakage and
data loss prevention tools, as well as security event management devices and
other state-of-the-art products. Our consultants can collaborate with you to
develop a cohesive security architecture, which can be deployed and integrated
in an adaptive and iterative lifecycle manner.

The Vulnerability and Threat Management offer provides an independent
baseline and validation of the organization’s security posture. AT&T
Consulting offers a comprehensive and world-class suite of vulnerability
assessment and penetration testing services. AT&T Consulting can simulate
real-world attacks to identify vulnerabilities in the network, evaluate risks,
and develop remediation plans that are tailored to unique business requirements
and security needs. When an effective program of risk management is implemented
and operated in close alignment with business goals, there are returns beyond
simple cost reduction. Studies show that firms with superior IT governance have
higher profits than those with similar strategic objectives but which lack such
governance.

The Application Security Services portfolio consists of tactical and
strategic services to help organizations assess, manage, and reduce security
risks arising from unsafe software development practices. AT&T Consulting
offers four categories of application security services. Application Security
Assessment offers automated and manual testing designed to circumvent the logic
of the application in order to gain elevated access to systems or information.
Application Security Program Management provides an application inventory,
identification and assignment of risk classification, development of testing
plans, and management and execution of the program. The third service, Security
Code Review, examines all codes to identify potential weakness and
vulnerabilities that could put the application and sensitive data at risk of
disclosure or loss. Finally, we offer PCI PA-QSA Application Security
Assessment. Visa and MasterCard encourage application development companies to
certify payment applications in accordance with the PCI Payment Applications
Best Practices program. Applications that meet these standards can be listed on
the Visa/MasterCard web sites as PCI approved payment applications